Lawsuit will not repulse Java devs

BY ALEX HANDY

On the outside, Oracle would seem to be doing everything outsiders had feared: The company has shut down OpenSolaris, lost a number of high-profile employees such as James Gosling, and, as of August, has shown it is willing to litigate using its Java patents. But is Oracle actually harming Java's image in the eyes of its users?

Despite the company's patent lawsuit against Google, much of the current brouhaha over Java isn't taking place inside corporate halls. Most of the discussions around Oracle's actions have taken place online. Gosling's blog, Nighthacks.com, has become a hotbed for speculation and discussion about Oracle and Java.

Gosling claimed that when he met with Oracle's lawyers after the acquisition, they were deeply focused on what Google was doing with the Android platform. Gosling said Oracle's lawyers were specifically looking for patents for litigation purposes.

But Amit Pandey, CEO of Terracotta, said that he heard Sun was preparing such litigation even before the Oracle acquisition. "I think Oracle basically picked up where Sun left off. My understanding was this litigation



Apple's relaxed iOS rules might not help developers

BY DAVID RUBINSTEIN

Apple has relaxed the prohibitive clauses in its newly published App Store Review Guidelines, which effectively closed the platform to all but Apple developers. The revised agreement offers developers more options, but one iPhone development expert says those options might not necessarily be better ones.

In the guidelines, restrictions on the tools that developers can use to create apps for the iOS have been eased, meaning developers can use Flash to create applications sold in the App Store that are compiled to work on the iPhone with Adobe Packager software.

In a news release, Apple stated that although the restrictions on tools have been eased, iOS applications cannot download code, such as a Flash player. "This should give developers the flexibility they want, while preserving the security we need," the company wrote.

Lee S. Barney, a professor of information technology at Brigham Young University-Idaho and creator of the QuickConnect JavaScript framework, said the changes will make users of the Adobe tool suite happy — at least initially.

"As time goes by and they find their applications don't quite run well, it may lose some of its luster," he said. "Code generators and cross-compilers have always been troublesome in the industry. It can take quite some time to work out the size, speed and reliability issues. Sometimes it isn't even possible."

Nathan Eror, an iPhone and iPad developer, trainer and author with Free Time Studios in the Houston area, said the move "gives developers more flexibility to innovate and compete on the platform." He added that the new transparency in the App Store approval process is perhaps more important than the tools decision.

"The new 'rules' document is a very useful guide for developers," he said. "It removes the black box problem of the approval process, and developers



Yehuda Katz: Plug-ins the focus of Rails 3.0

Engineer behind Merb talks about the next steps for the project

BY ALEX HANDY

Four years ago, Merb was created as an alternative to Ruby-on-Rails. The project was focused on creating an optimized environment that was thread-safe. But in December of 2008, Merb and Rails were on a collision course, set to split the Ruby community in two. Instead of fighting, the two projects made nice, and it was decided that Merb would be merged with Rails for version 3.0. At the end of August, Rails 3.0 finally arrived. We caught up with Engine Yard's Yehuda Katz, creator of Merb and now a core Rails committer, to ask him about the new combined projects and to check in on the major changes to Ruby's partner in all things Web.

SD Times: What did the merge accomplish? What historic Ruby problems are now gone?

Yehuda Katz: Merb was created four years ago to address the fact that Rails wasn't thread-safe. We decided it would be easier to start over and write something small rather than try to make the existing monolithic thing thread-safe.

Over time, Merb became this full-fledged Rails competitor. During that time, Rails actually got thread-safe, Rails got faster, Rails got Rack, Rails got a lot of the things that Merb had. But because they were starting from an existing thing, they were never really able to catch up to Merb's aggressive performance targets.

But at some point, we were fighting a lot, and we sat down and said, "We don't have the exact same priorities, but we have the same goals. We'll get really aggressive about dealing with the parts of Rails that are too slow or could use better threading."

So we rewrote Action Pack. Rails has some backwards-compatibility concerns that make it impossible to make the basic experience quite as fast as Merb, but one of the goals of Rails 3.0
Business intelligence hits the gridiron

The New York Jets' data management program tracks action in the stadium

BY KATIE SERIGNESE

In the words of Hank Williams Jr.: "Are you ready for some football?"

The New York Jets football organization certainly is with its new Command Center touch-screen application. Jets owner Woody Johnson used the business intelligence application for the first time during the Jets' first regular season football game against the Baltimore Ravens at the New Meadowlands Stadium.

While using the application's dashboard, called "The Pocket," Johnson and other permitted individuals can access live, real-time data on tickets, merchandise, concessions and parking.

Made up of two pieces, the Jets developed a .NET application to pull data from data files to be placed into a common source, explained David Simbandumwe, engagement director at Roundarch, which helped with the application's development.

This portion of the application includes an ETL (extract, transform and load) process that accesses data feeds from point-of-sale systems Micros, Retail Pro and Ticket Master, and it summarizes the data into a consistent format, according to Roundarch's technical specs.

Roundarch built a J2EE server-side application, which retrieves the information from the database, and a touch-screen or client-side application to render everything, Simbandumwe added. The touch-screen utilizes Adobe AIR and GestureWorks, a solution for creating multi-touch applications for touch-screen interactions, and it runs on Windows 7.

(Image caption: The New York Jets use Command Center to check on activity in the stadium.)

Aside from ticket and merchandise data, additional details can be seen by moving portions of a model of the stadium and zeroing in on certain areas via the touch-screen. For example, Simbandumwe said, the application can compare the weather from two games ago, which was cold and rainy, to today's sunny and clear weather, which in turn can show the impact of sales on hats and jackets.

Roundarch came to work with the Jets when a former Jets and current Roundarch architect Jesse Freeman put the two organizations in touch. After the ball got rolling, Simbandumwe said, the challenge came in finding the tools that worked best together.

"Touch-screen applications are relatively more married to hardware, so it was a challenge finding the set of tools that work effectively together," he said. "And finding out how to assemble the application was fairly challenging as well."

From the Jets' perspective, the decision to use Microsoft technologies was based on available skill sets within its technology organization. Roundarch decided to work with a Flex/J2EE stack because of its maturity and its ability to run as a standalone application outside the browser.

Also, working with closed and proprietary systems always has its challenges, Simbandumwe added. "Traditional point-of-sale applications such as Ticket Master are used to generate a report at the end of an event. But now we're saying we're going to query you at certain intervals, and you need to give us good and up-to-date data," he said.

To overcome this, the Jets designed a Ticket Master data feed that utilizes Ticket Master's Archtics database. "We are able to query the hosted server for barcode data within a minute of being scanned," said Paul Marsh, senior manager of website technology with the Jets organization, in an e-mail.

From there, information such as when someone entered a parking lot to when they entered the stadium is tied together, he added.

There was also the decision on customization and what the interface should look like, Simbandumwe said. In this case, the data is sliced and diced according to time and locations within the stadium. That data is then represented on a mockup of the stadium, along with a "game clock." It gets its data from an NFL feed called Game Statistics and Information System.

Stats from a particular game, such as temperature and score, are recorded and stored in the database, Simbandumwe said. Using the "game slider" control in the application, the data is called up "to reflect the values at that point in time during the game," such as how much merchandise was sold by the end of the second quarter, he added.



Updated Redis NoSQL can store hashes, save datasets

BY ALEX HANDY

The NoSQL movement has produced a range of contenders for the crown of "best cloud data store," and one of the prime candidates, Redis, was updated to 2.0 in September. It adds the ability to store hashes, support for saving datasets to hard drives, and new blocking pop commands to allow clients to safely change data without interference.

The commands BLPOP and BRPOP were added to support popping from a list in a blocking fashion. This means the client connection will be blocked for a certain amount of time until another client pushes an item on a list. These commands are frequently used in producer/consumer scenarios.

Redis' short history is dotted with corporate sponsors. In the past, Citrusbyte and Engine Yard both channeled funds to the development of Redis. Today, however, VMware is the primary sponsor of the project.

Tom Mornini, CTO of Engine Yard, said the primary reason his company was involved with Redis was its flexibility as a data store. He said Redis' creator, Salvatore Sanfilippo, is incredibly focused on simple, small, stable code.

"The real thing I like about it is there's a tug-of-war in developers' minds between transactionality and speed," said Mornini. "SQL databases have always had transactionality in spades, but they don't scale horizontally.

"Most of the key value pairs that do scale are eventually consistent. The interesting thing about Redis is [Sanfilippo] drew a fine line in making the design of the server and its evented model. He provides extremely high throughput, which reduces the need for large-scale parallelism, which allows for transactionality in a very consistent manner. You don't have to work through the concerns of 'What if two people change this key simultaneously?' because that's impossible in Redis. Normally that would be a performance bottleneck, but because of its design, you never run out of processor, you run out of network ports first."

That's a big difference between Redis and other NoSQL databases, said Mornini: Redis is a jack-of-all-trades. "One of the best descriptions I've heard is that it's a network-accessible CS101 data store server," he said. "It's not just 'throw it in a key and get it back,' it's a list server, a hash server, a test and a set server, all these basic primitives that are required to build highly distributed transactional applications."

Engine Yard was initially a sponsor of Redis because the company wanted to implement virtual memory in the NoSQL database. With Redis 2.0, that work has been completed. VMware has now taken the reins of dictating features through funding.

For this version, the big changes were focused on extending the capabilities of the server itself. The addition of publish/subscribe functions and the new blocking pop commands allow developers to use Redis more like a message queue than a key-value store. The publish/subscribe commands, in particular, allow information stored in Redis to be pushed out to necessary services when changed.

Finally, version 2.0 adds MULTI/EXEC commands that allow developers to queue up functions to run in serialized order. Once queued for execution, no other user actions can be inserted into the command chain, ensuring developers a method of executing their actions in an exact order with-
Integrations drive Mule train to 3.0

ESB adds REST support, works beyond firewall

BY ALEX HANDY

Like prospectors of old, enterprise developers need a trusty Mule, and so the enterprise service bus Mule 3.0 was released in September, bringing new features for integrating with external services and clouds.

Mule 3.0 adds Cloud Connect, a set of features for helping enterprises break out of restrictions from the firewall to work with other data sources.

Ross Mason, CTO and founder of MuleSoft, said that the Mule ESB is morphing into a next-generation services bus.

"Mule Cloud Connect is comprised of a few different things," he said. "At its core, we've added native REST support to the Mule ESB itself. Given how much people are moving to REST, I find the adoption cycle seems to be growing a lot quicker than messaging and Web services."

Another big focus for Mule 3.0 was integration with JavaScript. "There's been a shift in the way people are building enterprise applications," said Mason. "They want to use things like JavaScript, jQuery and JSON. We see a lot of folks turn to these JavaScript-based widget libraries for supporting applications."

Mule 3.0 provides better support for hooking directly to those applications using AJAX support to bind with the frameworks, but it uses standard AJAX support for publishing to the ESB itself, he said. "If you want to bind to these frameworks, you've traditionally had to go through an application server, and there're many times where that's not necessary."

These new features are indicative of a new approach at Mule: one of simplicity. "If you look at the way the industry has gone around integration and ESBs, it tends to be very feature-oriented," said Mason.

"In Mule 3.0, we've introduced a new concept around pattern-based configuration. We talked to hundreds of our users and customers about what they're doing with our ESB product. We boiled it down into well-defined discrete patterns. It makes the ESB available to a wider audience. Once you start moving things around an ESB application, you can provide larger building blocks."

One thing that was too complicated for Mule 3.0 was OSGi. Mason said the team at MuleSoft initially looked at OSGi as a way for allowing dynamic loading of libraries and updated code. But in the end, the programming model this would require from users was too complex, he said.

Instead, the Mule team built its own dynamic class-loading capabilities that provide similar functionality to OSGi.

For the future, Mason said MuleSoft is working on a new manager console, as well as new features that give what he called unparalleled monitoring and management capabilities for an open-source ESB.



A path from mainframes to platforms

Micro Focus updates bring increased support for SQL Server syntaxes

BY KATIE SERIGNESE

To help companies migrate applications from mainframes to lower-cost platforms, Micro Focus introduced in September its next generation of mainframe migration tools: Studio Enterprise Edition and Server Enterprise Edition 6.0 SP1.

Studio EE, a suite of graphical tools for business application migration, and Server EE, a tool for deploying migrated applications on a new platform, now include a host compatibility option for SQL Server.

"This option increases the support for different SQL Server syntaxes," said Richard Pegden, head of product marketing at Micro Focus. The option makes the data part of a migration easier to achieve when moving, he said.

"Over time, different vendors have built up their own SQL syntaxes," Pegden explained. "So, as applications are migrated off the mainframe, there are some SQL statements [which are commands to access data from a database] that perhaps need to be edited as part of that migration in order to fit the syntax on the environment they are moving to."

(Image caption: The Server EE deploys migrated applications onto new platforms.)

By supporting more SQL syntaxes, Studio EE and Server EE now reduce the need to manually change code during migration, which cuts down migration time and increases the amount of moved syntaxes, he added.

On top of its support for the COBOL programming language, the tools now support PL/I.
NEW PRODUCTS

OpsHub is offering an integrated ALM analytics solution, which lets teams with disparate development tools have a single dashboard view with root cause analysis in all of their development activities. As a result, the company said, engineers can have deep understanding of the performance of their development organization while conveying business-relevant metrics to their executives.

Quest Software has added Apache Cassandra, an open-source NoSQL database, to its list of supported NoSQL platforms with the second beta release of Toad for Cloud Databases. Toad now supports data access and management for Amazon SimpleDB, Apache Cassandra, Apache HBase, Microsoft Azure Table Services, and any ODBC-enabled relational database . . . The new version of Rhodes, the cross-platform mobile app framework from Rhomobile, has the ability to recognize barcodes and to capture signatures, and it also has an embedded version of jQuery, called jQTouch. Rhodes 2.1 is open-source software available under the MIT license. The company also updated its RhoSync open-source sync server: Version 2.0 can do server data caching and incremental device update differencing via the open-source Redis key-value database . . . Electric Cloud is now offering a smaller version of its build-test-deploy automation software. ElectricCommander Workgroup Edition is designed to give smaller organizations access to the same features that larger enterprise customers have access to. The software works with C++, Java and .NET environments . . . ActiveVOS 8.0, the new version of the business process management software from Active Endpoints, supports the concept of pools and swimlanes, as defined by the Business Process Management Notation 2.0 language. It also supports BPMN 2.0 boundary events, can work with unstructured process designs, and provides direct access to data sources from within the ActiveVOS system without needing to service-enable them with external software . . . SQL Storage Compress 5.0, an updated database utility from Red Gate, reduces the storage footprint of live SQL Server databases. The company says that the software, previously known as HyperBac Online, also improves I/O performance. This release compresses data up to 90%, lets SQL Server run compressed databases, and improves performance by up to 25% . . . Intel is offering the 2011 version of its Parallel Studio suite for multicore development. The new release adds expanded threading libraries and a threading advisor to its C++ compiler, error-checking, and profiling tools. In the suite, Parallel Building Blocks adds new parallelism models, including Cilk Plus for C/C++ and Threading Building Blocks for C++. Parallel Advisor provides architects with parallelism design insight and analysis for building multicore applications. The software fully supports Microsoft's Windows 7 Visual Studio 2010 . . . OraDeveloper Tools, a Delphi and Visual Studio add-in designed to simplify the Oracle database application development process, has been updated to support Visual Studio 2010. The software is from Devart, which has also updated its dbForge Fusion for MySQL tool to work with Visual Studio 2010, to back up schemas automatically, and to offer a graphical display for query performance profiles.

PEOPLE

Donna Farmer is the new managing director of the Scrum Alliance, the non-profit organization that promotes the Scrum agile framework. Farmer was the founder and CEO of TOR LLC, an executive search firm. She replaces James Cundiff, who resigned as managing director in September 2009, but stayed on in an interim capacity pending his replacement . . . Jim Highsmith, one of the co-authors of the Agile Manifesto and an expert on agile project management, has joined ThoughtWorks as executive consultant and strategic advisor. Previously, Highsmith directed Cutter Consortium's Agile Project Management Advisory Service. He is perhaps best known for his 2000 book, "Adaptive Software Development: A Collaborative Approach to Managing Complex Systems."
Ehcache handles Java garbage its own way

Terracotta turns to non-distributed usage model for its in-memory cache project

BY ALEX HANDY

When memory usage grows, Java garbage collection slows. This historic weakness of the platform was a sticking point for Terracotta's Ehcache distributed in-memory cache project. So, in September, the company opened the doors to a public beta test of BigMemory for Enterprise Ehcache, which aims to smooth the final wrinkles in a solution the company hopes to have ready for a mid-October release.

Amit Pandey, CEO of Terracotta, said that the Ehcache team found Java garbage collection to be an issue. Rather than spend their time helping each customer configure his or her own application server, the Ehcache team decided to fix the problem at its root.

"Our distributed cache is used by customers who have applications that need a fair amount of scale," said Pandey. "One of the things we almost always run into in the field is that they want to make the caches as big as possible. Of course, when our heap exceeds a certain size — six or eight gigabytes — we start to run into the garbage collection tuning issues just like any other Java process.

"Rather than spending time tuning garbage collection, our team said, 'Since it's a hash map in the cache, it would not be that hard for us to write our own memory manager.' It turned out that it took them a whole year."

(Image caption: Terracotta found that Java garbage collection was slowing down its Ehcache, so they kicked Java garbage collection to the curb.)

Despite its label as a distributed cache, Ehcache can now scale across large swaths of memory in a single machine, said Pandey. This non-distributed usage model is more compelling to some developers, he said. While the world outside screams for cloud services hosted across hundreds of machines, he said that many Terracotta customers are still scared of committing to such architectures. For those users, scaling across 100GB of memory on a single box can mean a great deal of development time savings.

"Generally there is certainly a massive push for trying to get — not necessarily distributed — but get as much data into memory as possible, and to get as much hardware density under that as possible," said Pandey.

"We have customers who say, 'I'd love to put it on one or two boxes and be done with it.' We see that as a fantastic use case for BigMemory. You can put it on two boxes and you don't have to run 200 instances of VMware. If each instance can take 100 to 200GB of memory, what more do you need?"

That means developers looking to scale don't have to be experts in distributed systems, said Pandey.

"It takes a fair bit of effort to get a person across the line from 'I have a monolithic server, now you're asking me to share data between instances of my application? Will I run into concurrency issues? Is my network fast enough?' Those are the questions of distributed computing," he said.

"A lot of the trends around big data are pushing people to get big and distributed. That's wonderful and that's our bread and butter, but the reason we're so excited about BigMemory is we felt this could be used by people who are afraid of being distributed."
Vi Labs turns to Force.com to combat piracy

BY KATIE SERIGNESE

To help ISVs prevent lost revenue from pirated software, Vi Labs, a provider of piracy-detection software, introduced in September CodeArmor Intelligence 3.0, its software license compliance solution.

Built on Force.com, Salesforce's enterprise cloud computing platform, CodeArmor Intelligence aggregates a huge set of data from the total number of unique machines using an ISV's software, explained Victor DeMarines, vice president of products for Vi Labs. That number also correlates to the number of licenses that are infringed upon by an organization.

This integration with the Force.com platform also utilizes Salesforce Chatter collaboration features to provide a "staging area to view all the data, and a place for users to make actionable decisions," he added.

"ISVs can now review their data in a Force.com dashboard, and leverage both detailed reports and filtering capabilities to make data-driven decisions about which companies to pursue first or which geographical locations require the most attention," said Joseph Noonan, Vi Labs' president and CEO.

Other new features in CodeArmor Intelligence 3.0 include added support for Visual Studio 2010 environments, and remote management and status checks on CodeArmor Intelligence deployments.

Version 3.0 is available now through a tiered annual subscription based on revenue from an ISV's product.

EXCLUSIVITY ON THE RISE AMONG MOBILE CARRIERS

BY ALYSON BEHR

With mobile application development and attached revenue blowing through the roof, all manner of deals are possible between carriers and developers. But the conceptual duel between proprietary (iPhone) and open (Droid) has a new gunslinger in town: Exclusivity.

Carriers are beginning to negotiate exclusive deals with app developers and gaining customer market share from them. For example, Microsoft recently announced a new Bing app for Android. It's not available to all Android phone users, only the ones that use Verizon. AT&T, Sprint and T-Mobile Android customers are out of luck.

How did this happen? Several of Verizon's BlackBerrys have been running Bing as their default search app for a while, so it was simple to expand the basic conceptual relationship.

This is different from Google's current Android model where Apps in the Android Market can run on any Android-compatible phone, regardless of carrier. This has been a cool way to do business, but as more carriers turn to exclusive deals with app developers, the Android model may begin to lose ground.

For now, developers can use filters in their apps that will limit downloads to consumers on a certain carrier. Most developers choose not to activate them. But deals like the one between Microsoft and Verizon may make some app makers decide that exclusivity is the new buzzword in their revenue stream.
Smartphone users love weather, games

Ratings company details the preferences of mobile users in new report

BY ALEX HANDY

Games, the weather, Pandora...

Sounds like a few clues from the old "$100,000 Pyramid" game show. And the question would be, "What are smartphone users doing the most with their devices?"

The Nielsen Company, famous for its television ratings, released in September a report on how smartphone owners purchase and utilize applications. The report, announced at the AppNation conference in San Francisco, focused on the differences between smartphone users and users of other, more primitive devices, known as feature phones.

[Chart: Category of apps used in August 2010. Source: The Nielsen Company]

Among the revelations within the report: Smartphone users love to read about the weather, spend half of their application dollars on games, and enjoy the Pandora online music service.

The report also describes the application purchasing habits of the average smartphone user. "App users who go to the Apple App Store tend to download nearly twice as many apps as those who go to the Android Market or the BlackBerry App World Store," said the report.

"They also seem more willing to pay for their apps: Apple App Store customers report that for every two free apps they download, they typically pay for one. In contrast, app users who frequent the Android Market and BlackBerry App World stores report downloading more than 3.5 free apps for every one they buy. Meanwhile, BlackBerry owners are the least likely to convert from a 'lite,' free trial version of an app to a full, paid version."
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Students get free pass 
for development tools 



BY ALYSON BEHR 

It's a month into the school year, and 
many students with their sights set on a 
career as a developer are back in the 
classroom, wondering how they're going 
to afford this semester and still set the 
world on fire. 

While the cost of a cold beer won't 
likely break the bank account, purchasing 
development tools represents (let's hope) 
a bigger cut into resources. Fortunately, 
many major corporations recognize stu- 
dents' limitations and have stepped up to 
either offer free versions of their develop- 
ment software and tools, or to greatly 
reduce pricing and throw in other incen- 
tives to use their platforms. And why not? 
Along with good citizenship, these free- 
bies promote brand visibility and thought 
leadership, and nurture a youth-based, 
growing developer community. 

DreamSpark is a portal that gives 
students access to free Microsoft profes- 
sional-grade development tool down- 
loads, along with training in various for- 
mats. The portal also offers Visual 



Studio Pro 2010, Robotics Developer 
Studio, Game Studio, Visual Web 
Developer and more. 

IEEE gives students a break on mem- 
bership and encourages participation 
through numerous opportunities, includ- 
ing the upcoming 2011 President's 
Change the World Competition. To boot, 
student developer members are given 
access to Microsoft development apps, 
including Visual Studio Team System. 

Sun attracts students via its Sun 
Developer Network Academic Develop- 
er Program. Sun said the program is all 
about empowering academic developers 
through sharing, collaboration and open 
innovation. The company characterizes 
these elements as key to what it refers to 
as the "Participation Age." The site wel- 
comes teachers, professors, researchers 
and others who want to wrap Sun tools 
into their curricula. Free downloads of 
tools like NetBeans, Java Studio Creator, 
Sun Studio and more are available there, 
and free Web-based training comes with 
those tools.

Cucumber pushes plain English for requirements

Tool based on behavior-driven development designed for business users 



BY ALEX HANDY 

Remember: Cucumbers are 
fruits, not vegetables. And busi- 
nesspeople are suits, not pro- 
grammers. For two years, the 
Cucumber project has sought 
to change that. 

Originally created by Aslak 
Hellesoy as a rewrite of RSpec's 
Story Runner tools, Cucumber 
has matured enough for enter- 
prise work. But can the suits be 
taught to use it properly? 

The idea of plain-English 
requirements gathering tools is 
nothing new. Both Ravenflow 
and ThoughtWorks offer simi- 
lar takes on requirement tools. 
Cucumber's take on the idea 
comes from the behavior-dri- 
ven development world, how- 
ever, and focuses on taking the 
task to the businesspeople 
inside their comfort zones. 

But Ryan Smith, software developer at consulting firm Entryway, thinks that this is a nigh impossible task. "In all fairness, I don't think the intention was ever for businesspeople to be writing these, although they kind of marketed [Cucumber] that way," he said.

"They should have correctly 
said it's easy enough for people 
who don't know code to write 
this, because it's English. It's 
not code. I work on a project 
where I did have a client try to 
write requirements in Cucum- 
ber. That was an experiment we 
did for a week, and it didn't 
turn out well. I stopped doing 
that altogether." 

Smith feels it's better to 
gather requirements in person, 
then build the code from those 
spoken and written cues, rather 
than rely upon the businesspeo- 
ple to write requirements in a 
special subset of English. 

PEOPLE PROBLEMS 

Joseph Wilk, a contributor to the Cucumber project, said that many of the problems traditionally associated with getting technical contributions and buy-in from business folk can get in the way of successfully using Cucumber.

"There is more to this problem than just tools," he said. "If there is a people problem with businesspeople not wanting to engage in writing specifications, forcing a tool on them may be the wrong way to approach the solution and something Cucumber can do nothing about."

But as a Ruby developer, Smith sees little value in adding Cucumber to the requirements process. He said that using it adds another step to his development tasks.

"Most Ruby developers find Ruby because they enjoy the syntax," he said. "They enjoy expressing their thoughts in Ruby. [Yukihiro Matsumoto] created the language to be beautiful and to be a pleasure to work with. When I come to a project for writing tests, I love Ruby, so I feel more productive in Ruby. When I'm writing my tests in Ruby, I enjoy all the benefits of Ruby. When I write them in English, then I add another step to translate them to Ruby."

'By having a feature written in the business language, we can help ensure everyone is thinking and speaking in the same language.'
—Joseph Wilk, contributor to Cucumber



But Wilk went on to say that Cucumber offers a way for developers and business users to speak a common language, and that's a core principle of behavior-driven development.

"By having a specification/feature written in the business language that is driving development, we can help ensure everyone is speaking and thinking in the same language, and that the ubiquitous language is being pushed down into the code," he said.

"Developers do have to interpret
[business users'] needs, but
how does the developer know
that their interpretation is accu- 
rate?" Wilk continued. "At some 
level of discussion, there needs 
to be a shared understanding of 
what a feature needs to do. 
Nothing is better than sitting 
down and talking with the vari- 
ous stakeholders or exploring 
the requirements through exam- 
ples/scenarios. Cucumber pro- 
vides something that can be 
used in the exploration or as its 
output." 

He added that Cucumber 
documents can be revisited 
throughout the development 
process, as an unambiguous, 
plain-English way of describing 
what the software needs to do. 
"It's also important to realize 
that Cucumber features persist 
as living documentation in the 
codebase," he said. 

Wilk said Cucumber-encod- 
ed requirements can be translat- 
ed into tests later on, and thus it 
provides a medium for keeping 
the requirements close to the 
code throughout the life cycle.

JetBrains provides coverage, profiling for .NET developers



BY KATIE SERIGNESE 

To extend Microsoft Visual Studio and its .NET productivity offerings, JetBrains, a provider of productivity-enhancing development tools, introduced dotCover, a new code-coverage tool for .NET developers, and dotTrace 4 Performance, a reworked version of its .NET profiling tool.

dotCover, an extension to Visual Studio, highlights code that was not covered during a unit test and detects which unit tests covered a particular area in the code. This helps .NET developers ensure that every line that should be covered in a unit test is covered, according to the Prague-based company.

The tool also aggregates data from multiple coverage sessions, merges collected snapshots and generates XML-based code-coverage reports.

Working within Visual Studio 2005, 2008 or 2010, dotCover analyzes statement-level code coverage in .NET Framework and Silverlight applications, and it integrates with JetBrains' ReSharper unit testing tool set.

dotCover also provides a 
console utility, enabling users to 
use it with a continuous integra- 
tion server. 

"We felt it would be fitting 
to give .NET developers a tool 
to help them see how successful 
they are in their unit-testing 
practices," said Oleg Stepanov, 
.NET division project lead for 
JetBrains. "[dotCover enables] 
developers to instantly see any 
lapses in code coverage, and at 
the same time integrate into 
corporate development and 
reporting workflow," he added. 

In addition to dotCover, 
dotTrace 4 Performance is an 
upgrade from JetBrains' .NET 
profiler offering. After being 
an all-in-one memory and per- 
formance profiler, dotTrace 
splits into two products, the 
company said. dotTrace 4 Per- 
formance is the .NET perfor- 
mance tool and will be fol- 
lowed by the introduction of 
dotTrace 4 Memory in several 
months. 

This reworked tool helps 
.NET developers get accurate 
information on performance 
bottlenecks in a variety of .NET 
applications, including those 
built on .NET Framework 4, 
.NET Compact Framework 3.5 
and Silverlight 4. 

With dotTrace 4, users can 
profile complex desktop and 
server applications as well as 
remote applications. They can 
also assess how removing a par- 
ticular bottleneck would affect 
the overall application perfor- 
mance, the company said. 

dotCover is offered now 
until Jan. 1, 2011, at an intro- 
ductory price of US$49 per per- 
sonal license or $99 per com- 
mercial license. All licenses 
include one year of free 
upgrades and technical support. 

dotTrace 4 Performance 
comes in Standard and Profes- 
sional editions. Commercial 
pricing starts at $399. Users can 
also purchase a bundle of dot- 
Trace 4 Performance and dot- 
Trace 3.5 Memory, a memory 
profiler with support for the lat- 
est .NET Framework, at a dis- 
counted price. Those with 
licenses purchased on or after 
Dec. 17, 2008, can be upgraded 
to dotTrace 4 free of charge.

Browser-based architecture management handles projects



BY KATIE SERIGNESE 

As software ages, changes to dependencies are inevitable, making architecture management more complex. Software architecture management solution company Lattix has introduced the latest version of its solution to address this issue.

A new Web application in Lattix 6.0, called the Lattix Repository and Project Browser, lets users view a project's architecture, dependencies and metrics, as well as publish reports on changes and trends over time.

"Code organization doesn't reflect architecture, and architecture erodes over time, which results in defects because change is propagated in places one wouldn't expect," said Frank Waldman, vice president of Lattix.

To avoid this, extended teams use the Project Browser to track projects with "Snapshots" of each build. Snapshots are a summary of key system metrics and changes, and they include architecture diagrams, reports of architectural violations, cycles, and a current worklist of improvements for the project.

"People use Lattix to extract 
interdependencies and create 
logical structures," Waldman 
said, "and the most common use 
case is to visualize the system." 

Since layering, components 
and modules are missing in a 
codebase or database, by using 
the DSM (dependency struc- 
ture matrix) approach, Lattix 
6.0 applies algorithms to soft- 
ware to help define them, 
Waldman explained. 

Lattix 6.0 also includes a 
new Action Script Module for 
analyzing the architecture of 
ActionScript and Flex MXML 
applications. 

The software supports 64-bit 
operating systems, and has mod- 
ules for Ada, C/C++, Java, .NET 
and Pascal, as well as for Oracle, 
SQL Server and Sybase databases,
according to the company.

Microsoft warns of 
DLL remote attack 

BY ROBIN MILLER 

A DLL-preloading remote 
attack can occur, Microsoft said, 
when a user double-clicks a mali- 
cious file and specifically allows 
it to run outside of the default 
MSIE protected mode. It was 
first publicized by Microsoft on 
Aug. 23 as Security Advisory 
2269637, and can affect all ver- 
sions of Windows 7, Windows 
Vista and Windows XP. 

Of course, an unknown per- 
centage of Windows 7 and Vista 
users have protected mode dis- 
abled. And since these are the 
users most likely to download 
and try unknown software, they 
are the ones most likely to 
infect themselves. 

Microsoft said, "When an 
application dynamically loads a 
DLL without specifying a fully 
qualified path name, Windows 
tries to locate this DLL by 
searching through a well-defined 
set of directories." Obviously, by 
specifying fully qualified paths 
for all DLLs your applications 
load, you can spare your users 
this bit of potential grief. 

You can protect your own 
and your coworkers' Windows 
machines from this attack by 
going to tinyurl.com/attack-fix 
and following the instructions.
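
A static check for the pattern Microsoft describes, added here as an example and not part of the original article: it scans C/C++ source for LoadLibrary-family calls and flags any whose DLL name is not a fully qualified path. The sample source, the names `audit_source` and `Finding`, and the choice to treat only drive-letter absolute paths as fully qualified are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# LoadLibrary, LoadLibraryA/W, LoadLibraryEx, LoadLibraryExA/W, up to the open paren.
CALL_RE = re.compile(r'\b(LoadLibrary(?:Ex)?[AW]?)\s*\(\s*')
# A C string literal, optionally wide (L"...") or wrapped in TEXT("...") / _T("...").
LITERAL_RE = re.compile(r'(?:L|(?:TEXT|_T)\s*\(\s*)?"((?:[^"\\]|\\.)*)"')
# Assumption: only a drive-letter absolute path counts as fully qualified here.
ABSOLUTE_RE = re.compile(r'^[A-Za-z]:\\')


class Finding(NamedTuple):
    line: int        # 1-based line number in the scanned source
    function: str    # which LoadLibrary variant was called
    argument: str    # the DLL name or expression passed as the first argument
    kind: str        # "unqualified" (relative literal) or "dynamic" (not a literal)


def audit_source(source: str) -> List[Finding]:
    """Return one Finding per LoadLibrary-family call that needs review."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for call in CALL_RE.finditer(line):
            literal = LITERAL_RE.match(line, call.end())
            if literal is None:
                # The path is built at run time, so it cannot be judged
                # statically; report it for manual review.
                arg = re.split(r'[,)]', line[call.end():], maxsplit=1)[0].strip()
                findings.append(Finding(lineno, call.group(1), arg, "dynamic"))
                continue
            # Undo C escaping so "C:\\dir" is compared as C:\dir.
            path = literal.group(1).replace('\\\\', '\\')
            if not ABSOLUTE_RE.match(path):
                # Windows will search a list of directories for this name.
                findings.append(Finding(lineno, call.group(1), path, "unqualified"))
    return findings


def report(findings: List[Finding]) -> str:
    """Format findings one per line for a build log or code review."""
    return "\n".join(
        f"line {f.line}: {f.function}({f.argument}) is {f.kind}" for f in findings
    )


# Constructed sample source, not taken from any real project.
SAMPLE = "\n".join([
    r'HMODULE a = LoadLibrary("helper.dll");',
    r'HMODULE b = LoadLibraryW(L"C:\\Program Files (x86)\\Acme\\helper.dll");',
    r'HMODULE c = LoadLibraryExA("plugins\\codec.dll", NULL, 0);',
    r'HMODULE d = LoadLibrary(TEXT("D:\\tools\\scan.dll"));',
    r'HMODULE e = LoadLibraryA(path_from_config);',
])

if __name__ == "__main__":
    print(report(audit_source(SAMPLE)))
```

Calls reported as "dynamic" are not necessarily unsafe; they need a reviewer to confirm that the path is built from a trusted absolute directory.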

Intel's AppUp is getting
interest from OEMs 

BY ALEX HANDY 

The Intel Developer Forum is usually 
about the latest version of the USB or the 
newest multicore processors. But this 
year, while the usual hardware announce- 
ments were made, Intel unveiled an unex- 
pected new software product as well. 
AppUp is the company's new app store for 
netbook users, and Intel hopes to work 
with hardware OEMs to brand the store 
individually for each hardware maker. 

AppUp is already up and functioning 
at www.appup.com. The store is mod- 
eled on existing app stores, such as the 
Apple iPhone app store, where individ- 
ual developers can submit their applica- 
tions for sale, and then reap up to 70% 
of the end sale price in profit. 

AppUp is initially available for both 
Moblin and Windows. It currently offers a 
variety of software from entertainment 
and educational titles to lifestyle and per- 
sonal planning applications. But Intel 
doesn't plan on distributing the AppUp 
store on its own. Instead, it is working 
with OEM manufacturers to brand the 
AppUp store on their NetBooks. 

The first such branded AppUp store will be run by Asus, and will be included on all of that company's new netbooks. Other hardware companies and even some retail outlets such as Best Buy are planning on offering their own branded versions of the AppUp store, as well.

[Caption: Intel's AppUp store can be branded to coincide with the logos of a netbook OEM. The store itself will offer games, productivity software and other third-party consumer applications.]

The AppUp store is also aiming to do something most other app stores have shied away from: installing runtime support for non-native applications. Initially this has taken the form of support from Intel for Adobe AIR applications, but Intel has said it will support the installation of other runtimes for specific applications that require them.

For users, AppUp will include a 
mechanism to test out new software for 
24 hours. This trial method will supplant 
any existing forms of demoing software, 
and the aim is for the application to be 
fully functional during these trial runs. 

To spur development in the AppUp 
store, Intel has set up a million-dollar 
fund to push the creation of applications 
for it.



SCO TO SELL OFF 
UNIX BIZ ASSETS 

BY KATIE SERIGNESE 

The SCO Group, provider of Unix soft- 
ware technology, announced it is pursuing 
a sale of most of its Unix business assets, 
including certain Unix System V software 
products and related services. 

With this asset sale, "our goal is to 
ensure continued viability for SCO, its 
customers, employees and the Unix 
technology," said Ken Nielsen, CFO of 
The SCO Group, in a statement. 

Referring to previous SCO funding 
for operating, administrative and litiga- 
tion expenses, RedMonk analyst 
Michael Cote thinks this is just another 
way to generate more money. 

"It looks like they want funds to sup- 
port the customers they still have and 
pursue revenue through litigation by 
going after Novell and IBM," he said. 

But for a business that deals in selling 
Unix products, it makes one wonder what 
will happen next. "What's left?" asked 
Bola Rotibi, research director at Creative 
Intellectual Consulting. "Nothing." 

The decision to sell portions of its 
Unix business comes after years of fruit- 
less litigation over the ownership to the 
copyrights of Linux source code. The 
company has been in bankruptcy since 
September of 2007.

Apple relaxes iOS rules



< continued from page 1 

have little reason for having 
their apps rejected now." 

Eror said Apple's decision is
part of the evolution of the App 
Store. "As the market for apps 
matures and app consumers 
become more sophisticated, 
there is less need for hand-hold- 
ing. Consumers will demand 
better apps, and they will get 
better at recognizing quality in 
the store." 

He went on to point out that 
"the 'app' as a product is only a 
2-year-old concept, and Apple 
has been very careful in shaping 
this new market in its image. In 
the end, Apple wants to protect 
its brand and make money, and 
it does that by getting more 
people to desire and buy its 
products. More awesome apps 
sells more iPads, iPhones and 
iPod Touches." 

Barney speculated that the 
change is a result of pressures 
from several fronts, with "the 
legal and social fronts being the 
most important." It has been 
widely reported that the U.S. 
Federal Trade Commission had 
begun to take a look at Apple's
restrictions as an unfair busi- 
ness practice. 



"Apple, and many other tech 
companies, have to abide by the 
legal competitiveness laws," 
said Barney. "I think they may 
have seen that they were in a 
no-win situation in this 
respect... Additionally, Apple 
has been hit socially with 
appearing as 'the bad guys.' " 

Eror dismissed the idea that 
Apple had to make a move to 
keep developers from moving to 
Google's Android platform. 
"Apple is trying to sell more 
devices and distribute more 
software. The mobile device 
market as we know it now is so 
new that it's better for Apple to 
focus on growing the market 
and making awesome products. 
It's much easier to create a new 
smartphone user or a new tablet 
user than it is to convert an 
existing user to a new platform." 

Barney agreed that the decision had little to do with Android, because that platform is already lagging. "Having used both tool sets and watched many newcomers use both, I can say that Android is at a large and distinct tool-set usability disadvantage," he said.

"One of the biggest problems
these new developers face
is that it is slower to develop and
then test on the Android emula- 
tor than develop and test on an 
actual Android device. That 
really slows down all Android 
application development. Other 
than security flaws in the 
Android development model, 
this slow development cycle is 
the largest drawback to devel- 
oping Android applications." 

He continued: "I have 
watched many new developers 
create the same application on 
the Android and Apple tool sets 
side-by-side using comparable 
machines. In the time that the 
Android developers need to 
make a single change and run it 
to see the changes, the Apple 
tool-set users can make 10 
changes and see the results 10 
times. The Android tool set is 
much harder to use from a new 
developer point of view than 
the Apple tool set. It is harder 
to install, is less stable when 
writing code, and the emulator 
is finally working most of the 
time for most people." 

As for writing applications for 
the BlackBerry and Nokia plat- 
forms, Barney said, "Going to 
the dentist is more fun than creating
for those two platforms."



Suit won't hurt Java 



< continued from page 1 

was ready to go," he said. 

If that's the case, then 
Gosling's claim that "patent liti- 
gation wasn't in Sun's blood" 
would seem to be incorrect. 

While Oracle's lawsuit 
against Google may not be scar- 
ing away Java developers — not 
to mention the shroud of secre- 
cy surrounding Oracle's future 
plans for the platform and lan- 
guage — there is still a great deal 
of uncertainty left in its wake. 
Oracle's efforts with the Open- 
JDK are not helping to assuage 
fears, either. 

Mark Reinhold, Oracle's 
lead on the OpenJDK project, 
posted on his corporate blog in 
mid-September about the status
of the OpenJDK. In that
posting, he wrote that the 
OpenJDK wouldn't be com- 
pleted until late 2011 or early 
2012. He did say that only a few 
of the new pieces of the JDK 
would require this extra time, 
such as project Coin, an effort 
to implement small language 
changes across Java. He added 
that the OpenJDK could be 
used today if developers didn't 
want to wait for the additional 
work to be done. 



Add to that the fact that the 
OpenJDK provides patent liti- 
gation protection to its users, 
and the recipe for Java terror is 
not so enticing any more. 

"Certainly Oracle is an 
aggressive company. Lawsuits 
like this always give pause. 
Everyone is sort of sitting on 
the edge of their seat right now, 
waiting to see what's going to 
happen," said Pandey. "Certain- 
ly stuff like this does not help. 
On the other hand, I think this 
one data point could be blown 
way out of proportion." 

The OpenJDK seems to be 
the only area in which Java is 
currently evolving, however. 
Rod Johnson, director of the 
SpringSource business unit at 
VMware and member of the 
Java Community Process' exec- 
utive committee, said that the 
JCP is all but dead at present. 

"There's been very little 
activity on the executive com- 
mittee. I think we just have to 
wait and see what Oracle 
comes up with for JavaOne," 
he said. "The rest of the world 
is moving along fairly quickly. 
It's not like we need Oracle or 
the EC of the JCP to get things 
done."



Yehuda Katz: Plug-ins the focus of Rails 3.0 



< continued from page 1 

was to build a toolkit so that if 
you have a performance con- 
cern, you could build a subset 
of Rails that would be just as 
fast as Merb. 

Are the speed benefits obvious 
from the start? 

If you just start a Rails 3.0 
application from scratch and 
compare it to Rails 2.3, you may 
not get a huge speed improve- 
ment. But what Rails 3.0 does is 
it gives you the ability to opt out 
of expensive features. 

Rails has a bunch of HTTP 
features that make the browser 
happier. They add an extra mil- 
lisecond on the server. If you're 
writing an API, maybe that does- 
n't matter much. In Rails 2.3, 
you'd have to take all that. In 
Rails 3.0, you can say, "Give me a 
controller but don't give me the 
HTTP caching stuff." Rails 3.0 is 
built so that the default con- 
troller is the base, and we add a 
bunch of modules on top. 

So performance was a big focus
for Rails 3.0?

To be honest, performance
wasn't the biggest part of our
effort in Rails 3.0. We're 
aggressively working on perfor- 
mance in 3.1. I think it'll be a 
lot like Python: [Python] 3.0 
was a lot of new architecture, 
and 3.1 got fast. 

Plug-ins were the real 
focus. Ruby has this nice ben- 
efit of letting you overwrite 
anything at runtime. It's easy 
to write a plug-in that hacks 
into something and does what- 
ever. But that doesn't really 
scale if you have five plug-ins 
that are all hacking the inter- 
nals of Action Pack. That 
could start failing, and that did 
start failing. 

We added a bunch of plug-in 
APIs and built Rails itself as a 
plug-in. We had to expose stuff 
for ourselves, but more impor- 
tantly, it's easier to add your 
own. Action Mailer is a plug-in 
that happens to be developed 
together with the core team. If 
you just install the Rail Ties 
without Action Pack, Active 
Record will be wiped out with- 
out a trace. 



What types of third-party plug- 
ins does this change help out? 

There's a plug-in called 
Devise. It's an authentication 
plug-in by Jose Valim. He's on 
the core team now. He built 
something that worked reason- 
ably well in Rails 2.3, but in 
Rails 3.0, it feels like it's part of 
Rails. It's tightly integrated. It 
includes OAuth 2 support and 
Facebook Connect out of the 
box. If you install Devise and 
you want to integrate with 
some existing APIs, the fact 
that it's so tightly connected to 
Rails makes it seem like Rails 
has OAuth support. 

RSpec on Rails existed prior, 
and there were a lot of short- 
falls with that. Once you 
installed RSpec, you couldn't 
install the default generators 
anymore. You couldn't install 
the normal Rails controllers 
and get testing stubs. If you 
wanted to drop out another 
ORM [Object-relational map- 
per] like DataMapper, someone 
would have to build the RSpec 
DataMapper model generator,
and people didn't tend to do
that. What ended up happening 
is when you opted into these 
alternatives, you ended up los- 
ing the reason you used Rails in 
the first place. 

In Rails 3.0, in terms of gen- 
erators, when you do a con- 
troller generator, Rails calls out 
to the default ORM test frame- 
work or engine to generate 
whatever piece that is. The 
DataMapper for Rails plug-in 
has listeners for those hooks, 
and when Rails asks for a mod- 
el, it replies with "Here is what 
you should do." 

When you install DataMap- 
per, it drops directly into 
place, and it sees the amount 
of time that was spent in mod- 
els. Anything Active Record 
can do, DataMapper can do. 
We can't have any backdoor 
APIs anymore. Any API we 
use for Active Record is avail- 
able for DataMapper. Integra- 
tion with logs and Rake tasks, 
and a whole slew of things 
Active Record had built in via 
backdoor, are now available
internally to all plug-ins.

What were the big changes in
Ruby 1.9.2? Anything you took
advantage of in Rails 3.0?

First of all, the Ruby team did 
a big service to the Ruby com- 
munity by allowing you to 
write a Ruby application that 
runs in both 1.8 and 1.9. 
Python has not done that. For 
Ruby 1.9, while it's not exactly 
compatible with 1.8, the work 
that has to be done to make a 
program run in both is not 
large. We've been running 
continuous integration against 
Ruby 1.9 from the beginning 
of the Rails 3.0 process. 
Things have changed over 
time. There have been a lot of 
changes in 1.9.2. 

The most obvious thing is 
performance. If you switch to 
1.9.2, you should see a big per- 
formance gain. There's a brand 
new virtual machine and a new 
compiler. It's more modern, 
and it uses real OS threads 
instead of Ruby implemented 
threads. It still has a global 
interpreter lock, so it can't run 
programs in real parallel, but it 
does a much better job of mak- 
ing five database requests at the 
same time.

IT vendors are taking this aspect
more seriously and are building it

BY ALEXANDRA WEBER MORALES

If you ask security guru Bruce
Schneier, the IT security industry 
was born by accident, ignored all its 
life, and is now dying. That's a fair 
summary, anyway, based on the link 
he sent to a late 2007 op-ed he wrote for 
IEEE Security & Privacy, "The Death of 
the Security Industry." 

Declining to be interviewed due to 
his travel schedule, Schneier did point to 
his prediction that security would be 
mainstreamed into IT vendor portfolios. 
"IT security is critical, but there's no 
earthly reason why users need to know 
what an intrusion-detection system with 
stateful protocol analysis is, or why it's 
helpful in spotting SQL injection 
attacks. As IT fades into the background 
and becomes just another utility, users 
will simply expect it to work. The details 
of how it works won't matter," he said. 

On the frozen tundra of recessionary 
IT spending, the only green to be seen 
last year came from the security market, 
which both grew revenues and became 
ripe for acquisitions. 



Among the mature tools with inviting 
price tags: Watchfire and Ounce Labs, 
makers of a Web application security 
analysis tool and a static analysis tool, 
respectively, were bought by IBM in 
2007 and 2009. SPI Dynamics (Web app 
analysis), Fortify (static analysis) and the 
just-announced ArcSight (monitoring) 
are all Hewlett-Packard purchases. 

McAfee's portfolio, ranging from 
antivirus to mobile device protection, 
was just snapped up by Intel, which cit- 
ed security as the third pillar (along with 
energy efficiency and connectivity) in 
today's computing experience. 

"Vendors are trying to take security 
more mainstream — that is, bake it 
into most things they do," said Michael 
Cote, an industry analyst with 
RedMonk. "There's always the tension of 
Microsoft finally doing rock-solid virus 
scanning for free in Windows, instead of 
letting the market for Intel/McAfee, 
Symantec, CA Technologies and others 
exist. But they seem to be avoiding that." 

In "The Protection of Information in Computer Systems" (Proceedings of the IEEE, September 1975), Jerome Saltzer and Michael Schroeder enumerate eight fail-safe security design principles. I reported them in an April 2000 article in Software Development entitled "Intrusion Detection." They bear repeating:

1. Least privilege: Relinquish access when it's not required.

2. Fail-safe defaults: When the power goes off, the lock should be closed.

3. Economy of mechanisms: Keep things as small and simple as possible.

4. Complete mediation: Check every access to every object.

5. Open design: Don't attempt "security by obscurity." Assume the adversary can find your hiding places.

6. Separation of principle: Don't make privileged decisions based only on a single criterion. Use the onion-skin model.

7. Least common mechanism: Minimize shared channels.

8. Psychological acceptability: Make security painless, transparent and ubiquitous.

—Alexandra Weber Morales

Sized at a Gartner-projected US$4.2 billion, the consumer market for security technology dwarfs the market for
developer-focused security tools, 
though the unveiling of a secure operat- 
ing system for the world's PCs would 
certainly mean death for Norton 
Antivirus and sub-zero temperatures in 
Hades. But Redmond's efforts over the 
past few years to assuage fears about 
identity theft and e-commerce scams 
did prime the pump for other security 
market niches. 

"The Microsoft Trusted Computing 
initiative was all about what happens at 
the end point, which is where Microsoft 
does most of its business," said For- 
rester principal analyst Chenxi Wang. 
"It talks nothing about what's happen- 
ing in the cloud or in the network. That 
part is clearly missing from the Trusted 
Computing initiative. This string of 
acquisitions points to IT security 
becoming a core business process, not 
just a technology function that sits on the
side. Broad IT security strategy will be 
part of a platform play for companies." 

THE FIREWALL ISN'T THE END-ALL 

In the history of computer science, 
injecting security awareness into the 
application development life cycle has 
yet to gain traction. Could the new dan- 
gers bombarding software change that? 
Approximately 80% of successful attacks 
last year were at the application level, 
according to the U.S. government's 
Computer Emergency Readiness Team. 
Securing networks and perimeters are 
crucial activities to be sure, but develop- 
ers can't continue to ignore the perils of 
poor design. 

Wang points to the January 2010 Aurora attack on Google, which exploited a flaw in Microsoft Internet Explorer, as a watershed event in the application-level security market. As a result, Google launched a security lab, she said. And the threat is ongoing: A new, as-yet unpatched zero-day vulnerability in Adobe PDF Reader and Acrobat software is being exploited in what was reported on Sept. 13 as possibly a continuation of the Aurora attacks.

"The stakes are a lot higher 
than they were a few years ago 
when we were dealing with 
script kiddies and hackers," 
said Wang. "These days we're 
seeing the threats moving to low 
and slow, steady attacks aiming at 
obtaining your crown jewels: Your core 
IP or your competitive secrets." 

And the little things add up, accord- 
ing to Bola Rotibi, a UK-based research 
director of Creative Intellect Consult- 
ing. "There was a big study back in 2009 
that showed the top 25 security errors 
on websites," she said. "They were cost- 
ing the industry a billion dollars, but 
they could be easily identified with stat- 
ic analysis tools. People are now recog- 
nizing how much this is costing them." 

Cloud computing, too, portends new 
challenges and uncertainties. With soft- 
ware-as-a-service, browser-to-server 
communication "inevitably leaks out 
the program's internal states to those 
eavesdropping on its Web traffic, sim- 
ply through the side-channel features 
of the communication such as packet 
length and timing, even if the traffic is 
entirely encrypted," wrote XiaoFeng 
Wang, director of the Center for Secu- 
rity Informatics at Indiana University, 
in an abstract describing Sidebuster, a 
tool for detecting side-channel 
vulnerabilities. 

Despite these sea changes,
many developers still focus on
colorful features, unaware of
the impending security tsunami.
Gartner analyst Joseph Feiman
describes the surprising result
when he and his colleagues
asked attendees at security summits
around the world to choose
the most realistic of four security
scenarios for the future, ranging
from whether white hats will
prevail over black hats to
whether the entire profession
will be absorbed into other IT
disciplines (as Schneier posits).
"The first quadrant was software
engineering: Very effective
security becomes an integral
part of software. That wasn't
very popular. Next was chaos:
The profession and infrastructure
fail. Hackers, criminals and
terrorists take over the normal
guys and shut down Web commerce.
Number three was a
perpetual arms race. And fourth
was security nirvana: We succeed
extremely well, and enemies
yield to our expertise,"
Feiman explained.

The result? Among Euro- 
pean and Australian audiences, 
the most likely scenario was the 
perpetual arms race. Among 
Americans, however, it was 
security nirvana. 

"We were amazed. This is 
after 9/11, etc.," Feiman said. 
After a discussion period, the 
U.S. audience did change its 
vote to perpetual arms race, but 
the initial result says something 
either about American opti- 
mism or its faith in technolo- 
gy — or both. 

Regardless, the optimism is 
misguided, Feiman wrote in 
his May 2009 report on the 
meetings, entitled "Security in 
2013 and Beyond." "Software 
Engineering has not succeed- 
ed over the last 50 years (since 
the inception of industrial 
computing) in ensuring the 
delivery of high-quality appli- 
cations. There is no reason to 
believe that it will succeed in 
delivering high-security appli- 
cations over the next five 
years," he wrote. 

THE TOOLS ARE OUT THERE 

Inside the development shop, 
it's going to take more than just 
a few Coverity licenses or some 
FindBugs freeware to enforce 
code-level security. First, 
there's overcoming the afore- 
mentioned head-in-the-sand 
syndrome. Second, understand- 
ing that code reuse and third- 
party widgets make it impossi- 
ble to know exactly what 
vulnerabilities exist either in 
the source code or in the com- 
bined interactions of all the 
moving parts. Third, secure 
design must become a part of 
the design process, not a bolt- 
on or a deployment test. 

The Open Web Application 
Security Project, for example, 
has a snazzy idea for intro- 
ducing security-focused code 
reviews into an agile develop- 
ment team's process: Evil user 
stories. You "hack" the product 
backlog by adding stories that 
describe malicious scenarios, 
such as, "As a hacker, I can send 
bad data in the content
of requests, so I can access data 
and functions for which I'm not 
authorized." Further, a host of 
common Web security scenar- 
ios must be considered in every 
development iteration. 

Most everyone seems to 
agree that security is one area 
that, unlike agile develop- 
ment, benefits from a top- 
down mandate. Security 
awareness training and just-in- 
time IDE aids or build scripts 
can help code stay cleaner, 
according to Forrester's 
Chenxi Wang. Along those 
lines, she said that more and 
more secure design concepts 
are finding their way into tech- 
nology itself. 

"I think there's some inter- 
esting work that is happening 
if you look at the progression 
of IDEs or frameworks," she 
said. "More and more memory 
safety techniques are being 
built into the language itself. 
Some security controls are 
migrating into development 
environments. Some could be 
built into the compilers. Cer- 
tain security controls can be 
built into the silicon. We see it 
happening a little bit, but I 
don't think it's happening 
enough. I think we need to 
move more of the controls out 
of developer hands so they 
don't make mistakes." 

COULD INTELLIGENCE EMERGE? 

Feiman said that his company's 
reports since 2006 have 
advised platform players to 
snap up security ISVs, and that 
their purchasing predictions 
have been spot-on when it 
comes to IBM and HP. Now 
the companies are integrating 
those tools, using static and 
dynamic analysis in tandem, 
for example, to triangulate on 
weaknesses. "If you bring Fortify
and WebInspect together,
the discovery of a vulnerability 
by one technology will be 
either disproved or confirmed 
by the other," he said. 

But even that improvement 
is no end game. "The concept 
that will bring it all together is 
what I call Enterprise Security 
Intelligence, or ESI," he said. 

Security is only going to get
more overwhelming, Feiman
says. By merging the existing
silos around protecting networks,
applications and data,
enterprises can move from a
coverage-based approach to a
query-based one.

"The traditional security
model, in which vendors sell —
and enterprises buy — scanner
runs or monitor time, will
become ineffective and obsolete.
Security intelligence will
evolve into an explicit product
or service with an explicit pricing
model. Vendors can sell, and
enterprises can buy, queries —
specific answers to specific
questions," wrote Feiman in a
June 2010 report on ESI.

Rotibi and others concur.
"The story around security is
going to change. It's not saying
that we don't have tools. It's
asking how all of these are
going to be integrated into a
strategy," said Rotibi. But even
with focused security intelligence
and better application-level
design, doesn't that
increased level of attention —
no matter how integrated the
tool set may be — imply that
security professionals, like
police, prison guards and surgeons,
still have to do the dirty
work when prophylactic measures
fail?

Whatever the answer, one
thing is clear: The IT security
industry isn't dead quite yet.
FROM THE EDITORS

Java is safe, for now 

Now that Oracle and Google are engaging in open warfare over Java 
patents surrounding Android, it's reasonable to wonder whether lit- 
igation is the future of Java. But don't worry. Oracle isn't SCO. You don't 
need to hide your Java code in a bomb shelter, or even disguise your 
developers using Groucho Marx masks. In fact, when it comes to enter- 
prise development teams writing and deploying Java SE, Java ME or 
even Java EE applications, the lawsuit changes absolutely nothing. Keep 
on coding, keep on deploying, nothing to worry about. 

The story may be different, however, if your business is to sell plat- 
forms that embed a Java runtime that's not officially licensed by Oracle. 
Exhibit A, of course, is that Google's Android platform uses the Dalvik 
virtual machine, which Oracle claims violates its patents. 

If you make your money selling Java, perhaps it's time to search for alter- 
nate sources of income. Certainly, Oracle hasn't lined up targets other than 
Google yet, but if it wins the Android suit, that could spur further disputes. 

It is a shame, however, that all of the attention being paid to the Oracle 
v. Google lawsuit isn't also being directed toward the OpenJDK. That pro- 
ject is genuinely solving some of the traditional problems of the Java envi- 
ronment, and it's currently one of the most happening areas in the field. 

While JBoss, Spring and Tomcat continue to push forward the state of 
enterprise Java, the OpenJDK has gathered a real head of steam and inter- 
est thanks to tireless contributions from both inside and outside of Oracle. 

Despite its vibrant community, the scope of the project means that the 
OpenJDK is likely two years from completion. Unfortunately, many of 
the Java luminaries we've spoken to cite the OpenJDK as the insurance 
policy that will keep users safe from patent litigation. Does that mean 
Java vendors will have to wait another two years before they can feel tru- 
ly safe? It does look that way. 



Apple blinked 



The industry — and the pundits — screamed bloody murder when Apple 
revised its developer license agreements to block the use of third-par- 
ty tools, such as code generators, to create applications for the iPhone, 
iPod touch and iPad. We were among those complaining about Apple's 
seemingly gratuitous restrictions on its developers. We are pleased, there- 
fore, that Apple has backed down and has formally revised its license 
terms to be more accommodating to cross-platform development. 

In June, Apple changed section 3.2.2 of its developer agreement in a 
way widely perceived as blocking Adobe's Flash platform — but which 
caught up other third-party tools as well. The terms read: 

"Unless otherwise approved by Apple in writing, no interpreted code 
may be downloaded or used in an Application except for code that is inter- 
preted and run by Apple's Documented APIs and built-in interpreter(s)." 

In early September, Apple changed 3.2.2 to say, "An Application may 
not download or install executable code. Interpreted code may only be 
used in an Application if all scripts, code and interpreters are packaged 
in the Application and not downloaded." 

We believe that Apple's terms, which permit generated code, are now 
reasonable. But why did the notoriously secretive company change its 
mind? It may be because Android is coming on strong, and Android 
developers lack any such restrictions. Or it may be because Adobe asked 
the U.S. Federal Trade Commission to investigate Apple's draconian 
license agreements. Either way, it's good news. 

We are also pleased that Apple has pledged to release the internal 
guidelines that it uses to evaluate iOS applications. This will help all 
developers, both corporate and independent, understand exactly what 
they can and cannot do. 

With luck, Apple has learned an important lesson: Developers don't 
want to be told how to write their software. Code generators are an 
important part of the mobile landscape. We're glad to see Apple loosen 
those restrictions.



Short take 








WITH THE ANNOUNCEMENT of
Intel's AppUp, it would seem that truly
everyone has their own app store now, 
even companies that don't actually deal 
with consumers very often. But Intel is 
not the first company to get on the band- 
wagon, not by a long shot. 

It all began with Apple, as it usually 
does when there is a UI paradigm shift 
in the marketplace. The iPhone app 
store fixed everything that sucked about 
smartphones. Remember when you got 
your first BlackBerry? Or Palm Pilot? 
Remember how difficult it was to find 
good applications for those devices? And 
when you got them, you had to down- 
load them to a PC then upload them to 
the device. 

Fortunately, that's all part of the past, 
unless you still use a BlackBerry, in 
which case finding their App World store 
is half the battle. Today, we
have the Android store,
Google's Web applications
store, the Palm app store, the
Java app store, and a dozen
other also-rans on the Web.
It's getting a bit out of
control, really.

I'm actually happy to see the rise of 
app stores. For years, finding good soft- 
ware has been a hunting-and-pecking 
affair, often driven by word of mouth. 
Rarely was it possible to find a compre- 
hensive list of software that wasn't out of 
date or horribly skewed toward the pro- 
clivities of one software maker. 

In Windows, this is an even keener 
problem: Users are expected to find 
applications in the wild, and then to 
install these apps themselves. Sure, 
that's no problem for you and me, but 
for the average inexperienced user, 
that's a difficult process. Never mind 
the fact that this also raises the chances 
of someone downloading virus-ridden 
software, or loading an app that will 
never go away and constantly pesters 
the user to register. 

Of course, us Linux users have 
known and used app stores for years. We 
just call them repositories. 

— Alex Handy 

THE U.S. HIGH-TECH INDUSTRY
added 32,000 jobs between January and
June of 2010, a 0.5% gain, according to a 
report released by TechAmerica Foun- 
dation, a non-profit organization that 
researches the U.S. technology industry. 

The report is based on the U.S. 
Bureau of Labor Statistics data and 
looks at four sectors in the high-tech 
industry: tech manufacturing, communi- 
cations services, software services, and 
engineering and tech services. 

"As one of the last industries to feel
the effects of the recession, the technology
industry now appears to be slowly
turning the corner with the rest of the
economy," said TechAmerica president
and CEO Phil Bond.

From June 2009 through June 2010, 
the technology sector lost 72,800 jobs, a 
1.2% workforce decline. Included in the 
jobs lost were 22,800 in communications 
services. Software services, however,
added 14,200 jobs and engineering and
tech services added 29,700 jobs in the first
six months of this year.

— Katie Serignese 

I USED TO LOVE SUNDAYS in the
fall. To me, that meant football. And that
meant getting together with a few 
friends to watch the Giants game. 

Well, I don't love Sundays in the fall 
so much anymore. And I blame it on the 
Internet. The ability to get updated indi- 
vidual player statistics in real time has 
led to a boom in "fantasy football," 
which has, to many, become more 
important to them than the outcome of 
real games. Now, Sundays mean getting 
together with a "fantasy league" of 
friends to watch all the weekend's games 
at once via the NFL package, while their 
laptops are open to the fantasy league 
hosting site where their players' stats are 
constantly updating. 

That whole "fantasy" thing is weird to 
me. We were watching the Giants game 
last week — when it wasn't being 
switched to another game because some 
relatively obscure running back in the 
Seattle-San Francisco game might have 
a chance to score on a second-and-2 
play — and one of the guys said: "Let's put on
the Cowboys game. I hate them, but I 
activated Marion Barber this week, and 
I want to see if he scores." 

So, rooting has become more compli- 
cated due to the Internet: You can hate 
a team, but still root for an individual 
player on that team to have a good 
game — maybe even against a team you 
like — because you need his stats to boost 
your fantasy team. Give me the days 
when everyone who watched football 
with me wore the same jersey and root- 
ed for the same team. And watched one 
game and one game only. 

— David Rubinstein 

GOOGLE INSTANT CAME OUT
recently, and the tech press seemed to
love it. I'm not sure why, as all it is is a 
more advanced autocomplete, except 
this time it slows things down as the 
page updates as you type. 

I can understand Google trying to 
hype its own inconsequential product 
updates (11,000 work hours saved!!! At 
last, I no longer have to hit enter/return 
when I search), but why did the press 
buy so heavily into it? Hmmm, maybe, 
in a roundabout way, I just answered my 
own question. 

— Adam LoBelia 
LETTERS TO THE EDITOR



A word of advice for job-seekers 



Alan Zeichick, regarding your question, in
your Aug. 30 take (www.sdtimes.com/link/34587),
"What do you tell job-hunters
in this economy?" The answer is
simple... Move!

The answer sounds ridiculous. Why 
move without a job first? But when I say 
move, I don't necessarily mean move 
physical locations (though that will even- 
tually require a physical move). I mean 
move your job search to a different, low- 
populous area of living. 

For these last 10+ years, I've worked at 
the Center for the Application of Infor- 
mation Technologies, Western Illinois 
University. The Center is located in the 
rural town of Macomb, Ill., past corn fields
70 miles from several major surrounding 
cities (Quad Cities, Peoria, Springfield, 
Quincy), and other mid-size cities. It's also 
a four-hour drive south from Chicago. 

One of the most challenging things 
our Center faces is finding, and wooing, 
potential employees. We are not able to 
attract and hire individuals that work in 
bigger areas for the following reasons, as 
has been told to us by actual candidates: 

1. "Your review process took too long!" 
(The government requires a certain 
length of time to keep a search open 
and review candidates, and it takes 
longer than a corporation that can 
close the search when it finds the 
right candidate.) 

2. "You do not pay as much as the corpo- 
rate equivalent." 

3. "I don't want to work at a government
job."

4. "You pay taxes out of your paycheck!
And you won't pay me more to compensate?"

5. "You need to offer me as much as I 
would get for the same job in Chicago." 

6. "Macomb is too small of a town." (The 
candidate preferred to work in a large 
suburb of Chicago where the commute 
is more than an hour away every day.) 

There are lots of jobs in small commu- 
nities across the United States that 
require the expertise of people described 
in the article. But many of these people 
confine their job searching to these types: 

1. Jobs only located in their preferred 
area (usually excluding small towns 
where they never expect to find a job). 

2. Jobs only located in major cities. 

3. Jobs advertised in only major media 
(Monster, major newspapers). 

4. Jobs that pay a preferred minimum
salary. The cost of living and quality of 
life of the area are never considered. 

But there are benefits beyond the 
salary. Some of these are specific to the 
Center as an employer: 

1. Once you get a job by an employer 
like us, it is typically more secure than 
the corporate equivalent. 

2. Government benefits are guaranteed 
by the state constitution, and will 
remain even if the employer closes. 

3. Being a government agency, employees 
have non-taxed investment options. 

4. The non-financial benefits are better 
than the corporate equivalent. For 
our university, a few of these are: 

a. Six weeks paid paternity or maternity leave.

b. Holidays are mandatory vacations
not subtracted from your benefits.

c. You earn two vacation days a
month, and 12 sick days a year.

d. You can save up to 48 vacation
days, and you don't have to earn
seniority first.

5. The working day is 8:00 a.m. to 4:30
p.m., five days a week. Corporations
typically require more time per day,
plus required overtime.

6. The typical one-way drive to work for
an employee is five minutes.

7. The local school system is above par.

8. There is a highway from Macomb to
two major cities, and two more highways
are being built.

9. The cost of living is more than 30%
lower than the Chicago suburbs.

I can go on about the benefits of working
at small business, government and
higher-education jobs. But employers like
us are routinely overlooked because job-seekers
draw a line in the sand: The financial
compensation and location must meet
their expectations, or forget it.

So I say to job-seekers who cannot
find a job: Get out of your comfort zone!
Move your job-seeking to a low-population
area, don't limit your search to what
is given on major advertising channels.

If you stay in a crowded area, you
become a dime-a-dozen and can be overlooked
for opportunity. But in our less
dense areas, you are the big fish we have
been hoping to catch... and you have
more room to continue growing in your
field of work than you think.

Russell E Glaue

Western Illinois University

A survey from Net Market Share of the operating systems used by users browsing its
network shows that, compared to last year, Windows 7 has made significant gains in
market share. Mac OS X has also made gains, but still trails behind all three versions of
Windows. The survey aggregates data from approximately 160 million visits per month,
according to the company.

WHERE TO GET STARTED WITH PYTHON? 

Andrew Binstock's column ("Gimme 
better tools," Aug. 15, p. 29) about the 
lack of user-friendly and easy-to-use 
IDEs was spot on. 

I'm a beginner and I'm looking for 
something as simple as the Python IDE, 
yet upgradeable with plug-ins like Eclipse 
or NetBeans. Does such a thing exist? Or
am I searching for the Holy Grail? 

Pablo Rivera 

Andrew Binstock responds: 

Thank you for your kind words. I am 
not a Python developer, so my knowl- 
edge is limited. However, I keep hearing 
good things about ActiveState's Python 
IDE. They have an open-source version 
(with fewer features), and a for-pay ver- 
sion with a greater feature set. See: 
www.activestate.com/komodo-edit. 



Letters to SD Times should include the writer's name, 
company affiliation and contact information. Letters 
become the property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 
Is the rust heap next for IronRuby, IronPython?



The recent release of tools targeting 
new programmers, and the depar- 
ture of a major force on the IronRuby 
development team, caused some pre- 
dictable teeth-grinding from Microsoft 
watchers. LightSwitch, which I discussed
in a recent column ("LightSwitch
turns up," Sept. 1, p. 24), and WebMa- 
trix, a free Web-development stack, are 
Microsoft products aimed squarely at 
newer programmers — the people who 
once made Visual Basic such a success 
and who in recent years have been flock- 
ing to PHP or ColdFusion. 

Are C# and Visual Basic on the CLR 
accessible to newcomers? I give you "pub- 
lic static void Main(string[] args)". Scop- 
ing, class versus instance methods, return 
values, arrays, perhaps the difference 
between value and reference types, per- 
haps the immutability of string instances, 
the idea of an entry point... There are 
probably even more concepts in there 
that are "obvious" or evoke the "don't 
worry about that for now" response. 

Visual Basic is easier, but it's still hard- 
er than Python or Ruby, languages that 
have more advanced resources and more 
modern frameworks to aid the program- 
mer as they become more experienced. 

In my column on LightSwitch, I said 
that support for IronPython and IronRuby
were "no brainers," but the Dynamic
Language Runtime, which some of us feel
is one of the huge "wins" for the .NET 
stack, hasn't been pushed by Microsoft 
lately, and the unfortunate timing of the 
departure of IronRuby's major developer 
was seen by some as evidence that Red- 
mond's strategy is scattered and counter- 
productive. The rumor that IronRuby 
now consists of one half-time 
developer is hardly encourag- 
ing for the project's survival. 

In a blog post on wilder- 
muth.com, C# MVP Shawn 
Wildermuth made the argu- 
ment that "Microsoft isn't a 
big company... [T]he reality is
that Microsoft is a single HR 
department that services 
100+ small companies." The 
post was praised by Microsoft 
cheerleaders. It's a clever 
Microsoft's famously competitive inter- 
nal environment, but it's also nonsense. 

The percentage of Ruby use in star- 
tups is significant, and at least some smart 
people (including those at Microsoft 
Research) use technologies implemented 
on the Java Virtual Machine, Web servers 
other than IIS, and GUI toolkits that 
aren't from the Pacific Northwest. 

Just as Microsoft's teams are com- 
pelled to use Microsoft technologies, 
those outside Microsoft are hardly competing
on a level playing ground against
Redmond's "startups." No one evaluates a 
product launched by Microsoft and thinks 
of it as risky as opposed to a product 
launched by a startup. Would, say, Team 
Foundation Server have been adopted as 
rapidly as it did if people did not assume 
that Microsoft stood behind the product 
in a way that no startup could? 
The main thrust of Wilder- 
muth's post was that 
LightSwitch is not aimed at 
the engaged professional 
developers who closely follow 
Microsoft's Developer Divi- 
sion. That's certainly true. But 
it's wrong to deny Microsoft's 
responsibility to be taken at 
face value; if Microsoft says, 
"X is the best thing for this 
type of developer," then they are equally 
saying, "Y is not the best thing." If 
Microsoft cancels IronRuby, it will be 
because Microsoft has consciously decid- 
ed that, for every type of programmer, 
there are better choices than Ruby. 

I don't personally agree with that, but 
if someone were to say, "What were you 
looking for in IronRuby that you could not 
get from IronPython?" I would admit that 
it's mere preference and some specific 
libraries that almost certainly have equivalents
in the Python world. But if, on the
other hand, IronPython is never promoted
to the "first-class" category that houses
Visual Studio integration, that cannot be 
dismissed as disinteresting to the public. 
On Microsoft Connect, the only feature 
with more votes than IronPython integra- 
tion is IronRuby integration. 

Visual Basic is an under-respected lan- 
guage, and C# is my favorite among main- 
stream languages, but I don't think their 
union is the set of "best choices, at all 
times, for all developers." Especially since 
you need two other entries to contain the 
entire set: C++ and F#. C/C++ I'll grant 
you for all your unmanaged needs, but if 
functional programming as embodied in 
F# has enough to offer to be first class, so 
too does dynamic programming as 
embodied in (at least) IronPython. 

Even more, I would love to see the 
promise of .NET's explicit design goal of 
accommodating many languages be more 
actively supported by Microsoft. Despite 
the DLR, which makes it much easier to 
implement certain language features, 
there are significantly fewer languages 
available for .NET than for the Java VM. 

One of my favorite developments of 
the past several years has been the 
resurgence of interest in programming 
languages. It would be nice if Microsoft's 
stack were the best place in the world 
for that interest to play out.

Larry O'Brien is a technology consultant,
analyst and writer. Read his blog at
www.knowing.net.



The myth of open-source forking 



A client that my company consults for 
is a provider of an open-source library 
that's been distributed for most of the last 
decade under a fairly permissive license. 
Last year, in order to encourage payment 
from companies that were embedding the 
library in their commercial products, we 
recommended migrating the product to a 
viral open-source license. 

While the client was generally in 
favor of this approach, management was 
genuinely concerned about a project 
fork — that is, that someone would take 
the permissively licensed product and 
make changes to it that would keep it 
up-to-date with the original version, and 
perhaps even add capabilities. I was not 
concerned about this. With half a million 
lines in the codebase, I doubted anyone 
with the expertise had the commitment 
to provide this service for free — and 
compete with the established version. 

When the version of the library was 
released with the new viral license, there 
were complaints and two posts on the 
mailing lists about forking the project. 
One of them asked for potential contribu- 
tors to respond. We don't know if anyone 
did, but on the mailing list, there were no 
statements of support. Almost a year later, 
we are not aware of any project forks. 

Forking is frequently touted as one of
the principal benefits of using open
source. The reality, however, is that this 
is primarily an abstraction. Projects of 
any substantial size are extremely diffi- 
cult to fork, and successful forks not 
backed by serious dollar investments are 
very, very rare. The reason for the diffi- 
culty lies at the heart of another open- 
source myth, namely of the 
midnight engineer generously 
donating his or her time to a 
project that interests him or 
her. Those people certainly 
exist, but they are rarely the 
principal developers of a large 
project. I discussed this phe- 
nomenon in my column, "The 
Changing Face of Open 
Source" (Jan. 1, 2006, p. 28). 

Core developers of large 
projects are almost always paid develop- 
ers. This is true for Eclipse, JBoss, Red 
Hat, most Google projects and, notably, 
OpenSolaris, among many others. These 
developers are either employees of com- 
panies that have a commercial interest 
in the finished product, or that derive 
revenue from ongoing support of the 
product. These developers, then, don't 
have any reason to join a fork. In fact, 
they have strong reasons not to. 

In the event an open-source project is 
closed down, such as Oracle's OpenSolaris,
the competition of an existing product
is no longer a constraint, but the lack
of payment for contributions is a limita- 
tion. Today, this dynamic is playing out 
with Illumos, the community that has 
gathered to keep OpenSolaris going. The 
project, which is receiving contributions 
in kind (as in services such as 
hosting), will taste success only 
if it can secure the wherewith- 
al to hire Solaris engineers 
who leave Oracle or are drawn 
in from other companies. 

While it's certainly possi- 
ble that engineers could vol- 
unteer their time, it's unlikely 
they will contribute on a scale 
sufficient to do more than 
maintenance. Illumos' princi- 
pal goal of replicating the new features 
Oracle adds to Solaris is unlikely to be a 
big draw for engineers assessing where 
to donate their time. Most contributors 
to open-source projects enjoy, even 
delight in, blazing new paths rather than 
copying features — especially when 
they're developed by a company viewed 
as an antagonist. 

Most open-source forks of any 
importance (such as the FreeBSD and 
OpenBSD forks of BSD Unix, as well as
the many variants of Linux) occur in
operating systems, and generally 
because of a specific need that a group is 
willing to invest in. 

Ubuntu is a prime example, and one 
that was well funded. Community-based 
forks of Linux mostly originated when the 
OS was smaller and less stable than it is 
today. Other forks, such as the Joomla- 
Mambo-MiaCMS tri-vergence, were 
done due to personality or philosophical 
differences. I leave you to decide which 
have been successful and which not. 

Forks of open-source projects nearly always split a community. Because most projects don't have a large community to begin with, if there is no one paying for development of the fork, most forks die off quickly as the forking group begins to realize the size of its undertaking and the limited resources at its disposal. There have been perhaps 25 successful forks of high-profile projects that were sustained by a volunteer community. And those few projects (most of which occurred years ago) have kept alive the belief that forking is a standard open-source activity and a viable development option.

However, unless there is a serious commitment of dollars behind the new project, in today's world, most forks are stillborn or die quickly.

Andrew Binstock is the principal analyst at Pacific Data Works. Read his blog at binstock.blogspot.com.
SoftCity and the social app store



In this new age of social computing, 
everyone, it seems, wants to create a 
"community." They exist for developers, 
software architects, IT guys and more. 
There's a home for everyone, and more 
than one for most. 

Into this crowded landscape comes SoftCity, which launched in April what it calls a "social commerce community" where developers and software users can communicate, share ideas, and benefit from each other's knowledge — and buy and sell applications.

The site, www.softcity.com, actually has two sections. One is a marketplace, where developers "have a secure, friendly place to sell software," according to SoftCity director of business development Wade Goodman. Potential customers can take advantage of "try and buy" options and read reviews from other customers.

The second section is a virtual cafe, "where the community takes place," Goodman said. There are articles on software, and areas where users can ask questions of experts and post their own comments.

Goodman said the site was written from scratch, because a "SoftDollars" reward program required that site managers be able to track customers and their usage.

"We want to be much more than a download site," Goodman explained. "There are no ads, it's real clean visually, and completely free for developers."

This is a unique approach to the "app store," which normally just provides downloads. The purchasers get no documentation, nor the opportunity to speak with other purchasers of that application or the developer himself. As for the developer, he gets direct feedback from users and potential users about his application, and perhaps even the germ of an idea for a different application.

Goodman said there are about 75 or 80 developers involved in the marketplace, with about 200 products available in the store. He did not have figures on membership on the "cafe" side. Nonmembers can read comments in the cafe, but only members can add content, such as reviews and discussions.

The marketplace is free for developers, who get about 50% to 75% of the revenue from software sold. Depending on the developer's status, he would be provided with a storefront on the SoftCity site for his products. Also, tools are available for the developer to cross-promote his software with complementary products from other sellers, Goodman said.

While SoftCity is not a specialized environment, Goodman said, the focus to this point has been on general-use Windows applications. Surprisingly, there have been only a few games put up for sale. "That's an area we thought would take off early, but it hasn't," he acknowledged. "But Windows ISVs are showing up with system tools and resources, and music and photo things."

So, as other app stores try to find success with platform-specific applications — see Salesforce or the iPhone AppStore — SoftCity is creating a new social marketplace where developers and end users can put their heads together about software. Feedback has always been a critical part of software updates and future development plans, so bringing it together in one location seems like a win for users and a win for developers.

David Rubinstein is editor-in-chief of SD Times.



BUSINESS BRIEFS 




VMware has entered into definitive agreements to acquire Integrien, a real-time application and infrastructure performance analytics software vendor, and TriCipher, a provider of secure access management and enterprise identity federation for cloud-hosted SaaS applications. VMware plans to combine Integrien's real-time performance technology with its vCenter management products to create a level of automation and control required for virtualized and cloud infrastructures, the company said. In addition, TriCipher's capabilities will support VMware's initiatives in identity-based security, integration of hybrid clouds, and managed anytime access to SaaS applications from any device. Both acquisitions are expected to close in the third quarter of 2010. Financial details of the transactions were not disclosed ... HP is set to acquire security and compliance management company ArcSight for US$1.5 billion, or US$43.50 per share. According to an HP statement, ArcSight's Enterprise Threat and Risk Management Platform will complement its existing security portfolio of hardware, software and services. The acquisition will be conducted by means of a cash tender offer for all of ArcSight's outstanding shares of common stock. The deal is expected to occur by the end of this year ... For the fourth consecutive year, SAP has been named as the leader of the software sector of the Dow Jones Sustainability Indexes. According to an SAP statement, the annual review of the DJSI family is based on analysis of corporate, economic, environmental and social performance. It assesses issues such as corporate governance, risk management, branding, climate change mitigation, supply chain standards, and labor practices. For the software sector, DJSI reviewed a total of 30 companies. SAP had sector-leading scores in 11 of the 20 areas, including customer relationship management, risk and crisis management, innovation management, and human capital development ... uTest, a provider of crowdsourced software testing, has closed a US$13 million Series C round of investment. The round was led by northern California-based Scale Venture Partners, which brings uTest's total funds raised to more than $20 million across the three rounds. According to uTest, the funds from this round will be used to expand its community of professional testers, move into new crowdsourced service categories, expand usability testing and load testing, and build out its testing platform and APIs. With this investment, Sharon Wienbar, managing director with Scale Venture Partners, will join the uTest board.



EVENTS CALENDAR 



Business of Software  Oct. 4-6
Boston
RED GATE AND FOG CREEK
www.businessofsoftware.org

Software Craftsmanship North America  Oct. 15-16
Chicago
8TH LIGHT AND OBTIVA
scna.softwarecraftsmanship.org

SPLASH (Formerly OOPSLA)  Oct. 17-21
Reno, Nev.
ACM SIGPLAN
splashcon.org

Interop  Oct. 18-22
New York
TECHWEB
www.interop.com/newyork

Software Test Professionals Conference  Oct. 19-21
Las Vegas
REDWOOD COLLABORATIVE MEDIA
www.stpcon.com

SPTechCon Boston  Oct. 20-22
Boston
BZ MEDIA
sptechcon.com

Adobe MAX  Oct. 23-27
Los Angeles
ADOBE
max.adobe.com

Microsoft PDC  Oct. 28-29
Redmond
MICROSOFT
www.microsoftpdc.com

Cloud Expo & Visualization Conference  Nov. 1-4
Santa Clara
SYS-CON
cloudcomputingexpo.com

DevConnections  Nov. 1-4
Las Vegas
PENTON MEDIA
www.devconnections.com

Zend/PHP Conference  Nov. 1-4
Santa Clara
S&S MEDIA INC.
www.zendcon.com

ApacheCon  Nov. 1-5
Atlanta
APACHE SOFTWARE FOUNDATION
na.apachecon.com

QCon San Francisco  Nov. 1-5
San Francisco
QCON
qconsf.com

Enterprise 2.0  Nov. 8-11
Santa Clara
TECHWEB
www.e2conf.com/santaclara

PASS Community Summit  Nov. 8-11
Seattle
PASS
www.sqlpass.org

SC World Congress  Nov. 10-11
New York
HAYMARKET MEDIA
www.scworldcongress.com





For a more complete calendar of U.S. software 
development events, see www.sdtimes.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 



